From 9f7f7cfc67771fcabaea63dc6677ba243c4aa04d Mon Sep 17 00:00:00 2001
From: Vasilii Ermilov
Date: Fri, 29 Mar 2024 10:52:51 +0700
Subject: [PATCH] Add testbed for Gradio CVE-2023-51449
---
gradio/CVE-2023-51449/README.md | 19 +++++++++++++++++++
.../CVE-2023-51449/non-vulnerable.Dockerfile | 9 +++++++++
gradio/CVE-2023-51449/test_app.py | 13 +++++++++++++
gradio/CVE-2023-51449/vulnerable.Dockerfile | 9 +++++++++
4 files changed, 50 insertions(+)
create mode 100644 gradio/CVE-2023-51449/README.md
create mode 100644 gradio/CVE-2023-51449/non-vulnerable.Dockerfile
create mode 100644 gradio/CVE-2023-51449/test_app.py
create mode 100644 gradio/CVE-2023-51449/vulnerable.Dockerfile
diff --git a/gradio/CVE-2023-51449/README.md b/gradio/CVE-2023-51449/README.md
new file mode 100644
index 00000000..63979861
--- /dev/null
+++ b/gradio/CVE-2023-51449/README.md
@@ -0,0 +1,19 @@
+# Gradio CVE-2023-51449
+
+## Vulnerable setup
+
+```bash
+docker build -t gradio:vuln -f vulnerable.Dockerfile .
+docker run --name gradio-vuln -p 8000:8000 -d gradio:vuln
+```
+
+Application will be available at `localhost:8000`
+
+## Non-vulnerable setup
+
+```bash
+docker build -t gradio:novuln -f non-vulnerable.Dockerfile .
+docker run --name gradio-novuln -p 8000:8000 -d gradio:novuln
+```
+
+Application will be available at `localhost:8000`
\ No newline at end of file
diff --git a/gradio/CVE-2023-51449/non-vulnerable.Dockerfile b/gradio/CVE-2023-51449/non-vulnerable.Dockerfile
new file mode 100644
index 00000000..ec0306a9
--- /dev/null
+++ b/gradio/CVE-2023-51449/non-vulnerable.Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.9-slim
+
+RUN python -m pip install gradio==4.11.0
+
+ADD test_app.py /workspace/
+
+EXPOSE 8000
+
+CMD [ "python3" , "/workspace/test_app.py" ]
\ No newline at end of file
diff --git a/gradio/CVE-2023-51449/test_app.py b/gradio/CVE-2023-51449/test_app.py
new file mode 100644
index 00000000..bad67242
--- /dev/null
+++ b/gradio/CVE-2023-51449/test_app.py
@@ -0,0 +1,13 @@
+import gradio as gr
+
+def greet(name, intensity):
+ return "Hello, " + name + "!" * int(intensity)
+
+demo = gr.Interface(
+ fn=greet,
+ inputs=["text", "slider"],
+ outputs=["text"],
+)
+
+if __name__ == "__main__":
+ demo.launch(server_name="0.0.0.0", server_port=8000)
diff --git a/gradio/CVE-2023-51449/vulnerable.Dockerfile b/gradio/CVE-2023-51449/vulnerable.Dockerfile
new file mode 100644
index 00000000..f3168308
--- /dev/null
+++ b/gradio/CVE-2023-51449/vulnerable.Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.9-slim
+
+RUN python -m pip install gradio==4.10.0
+
+ADD test_app.py /workspace/
+
+EXPOSE 8000
+
+CMD [ "python3" , "/workspace/test_app.py" ]
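Review bot: The `demo.launch(server_name="0.0.0.0", server_port=8000)` call at the end of test_app.py binds to every interface with no comment saying why, and this same file is what the image pinned to the vulnerable gradio release runs. The wildcard bind is needed inside a container for port publishing, so I would keep it and add a comment above it such as `# 0.0.0.0 is required for Docker port publishing; publish the port on 127.0.0.1 only, the vulnerable image is deliberately unpatched`. The README's `-p 8000:8000` publishes on all host interfaces, and `-p 127.0.0.1:8000:8000` would keep the testbed reachable only from the Docker host. `greet` also lacks a docstring; one line such as `"""Return a greeting for name followed by int(intensity) exclamation marks."""` is enough.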
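Review bot: Neither vulnerable.Dockerfile nor non-vulnerable.Dockerfile sets a `USER`, so the Gradio process runs as root in a container built to carry what is, as I understand CVE-2023-51449, a file-access flaw. Adding `RUN useradd --create-home app` and `USER app` before the `CMD` narrows what the process can read; I am assuming the detection this testbed supports does not depend on root-only files. In both files `ADD test_app.py /workspace/` should be `COPY test_app.py /workspace/`, since nothing here needs ADD's archive or URL handling. Only gradio itself is pinned, so its dependencies and the `python:3.9-slim` tag float and the two images can drift apart or stop building over time; a constraints file or a digest-pinned base would keep them reproducible.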